Hi, as you can tell him new here. I'm pretty sure this is the forum I should put this in.

So I started searching google for help and this forum kept poping up over and over and looked like the perfect place to go because I wasn't getting very far in getting my question answered.

My friend's laptop was stolen. He has all the guy's personal information, name age which highschool he went to, what his external IP is ect. (he has logmein on the computer) problem is the guy turns the laptop off when he's not using it. So my friend sits there everyday and watching him on the laptop trying to find a moment to grab the laptop and use it real quick. It's a win7 machine with some antivirus. He moused over the network icon and saw he was attached to linksys.

Which is a bummer through tracing his external IP we know the neighborhood, and planned on going wardriving to hunt for the SSID, but with it being linksys we're gonna get a few results.

Now I know that using netsh in win7 you can do something like a show wlan /all and get the mac address for the wireless network so we can pinpoint it. but as well. but with it possibly being an old linksys do you guys know if maybe I could do something to like get the netbios against the internet address to get the mac that way. As a moment of time to type commands on the laptop hasn't presented it's self?

He has all the guy's personal information, name age which highschool he went to, what his external IP is ect. (he has logmein on the computer) problem is the guy turns the laptop off when he's not using it.

How does he have all this informtion?

So my friend sits there everyday and watching him on the laptop trying to find a moment to grab the laptop and use it real quick. It's a win7 machine with some antivirus. He moused over the network icon and saw he was attached to Linksys.

Did he break into the guys house to get this information? This guy is running a Linksys router without changing the SSID?

Which is a bummer through tracing his external IP we know the neighborhood, and planned on going wardriving to hunt for the SSID, but with it being linksys we're gonna get a few results.

How did you get his external IP? If you know his external IP there is no need to war drive .

Now I know that using netsh in win7 you can do something like a show wlan /all and get the mac address for the wireless network so we can pinpoint it.

Why are you using windows 7? Linux is needed makes life much easier. This wont work unless you are connected to his network and if its secured which I am sure it is, it is not going to be easy.

but as well. but with it possibly being an old linksys do you guys know if maybe I could do something to like get the netbios against the internet address to get the mac that way. As a moment of time to type commands on the laptop hasn't presented it's self?

Now with all that said. Are you trying to gain access to your friends laptop in this other guys house? If so why are you trying to do this? If the laptop is his does he have proof its his? If so call the cops and get it back.

Got his external IP because i think my friend has rainmeter has as it shown on the desktop.

The rest of the information he got while watching him sign up for dating websites I think.

With the external IP we're still waiting on comcast to get back to us wit the address but it's doesn't appear to be happening anytime soon.

And in order to get a warrant to search the house we first need to know which house it is. With the external IP we only have it traced down to the rough location. So with wardriving we were hopping to find it narrow it down to the exact address, then present it to the police (who we've already reported too) hopefully giving them enough evidence that they can get a warrant.

Of course because the cops only have loose evidence they refuse to move or do anything. As well I believe this guy is a minor so he's name isn't in records.

So that leads me back to us trying to pin point the house. Because we know which neighborhood it is. I figured best way was through wifi because he is connected wirelessly but the SSID is linksys so my next move was to see if we could find the mac of that linksys (hopefully from the internet via his external ip) because we don't want to scare the guy into ditching the laptop by suddenly taking control of it and him shutting it off right away.

so thats why I was asking if there was something I could do to discover that linksys mac via WAN

El33tsamurai wrote:He has all the guy's personal information, name age which highschool he went to, what his external IP is ect. (he has logmein on the computer) problem is the guy turns the laptop off when he's not using it.

How does he have all this informtion?

Like I said in my post LogMeIn, it's a remote desktop service. So we do have remote control of the laptop but the guy never leaves it on, only has it on when he uses it.

And I'd imagine if we just started controlling the desktop he would shut off the computer and ditch it. So we've only been using it for watching.

I'm the owner of the laptop. A report was made to the police 3.5 weeks ago, but the cops can't get information from the High school because CPS schools seal student records to everyone until the student graduates (Even to CPD, unless the student gets into an altercation on campus where Police have to get involved)

Subpoenaed Comcast 3 weeks ago, and it takes 12 days to process a subpoena, but when I called the cop yesterday asking about the subpoena status, he asked me what subpoena? And then tried to say he had submitted it weeks ago but Comcast had not gotten back to him yet. So I’m assuming that this is a dead end.

I got the information by recording what he does on the computer using Logmein Central. But, to date, he has yet to do anything with an address, just mostly facebook and pron.

The goal of this is to get the address, or a contact number for the home so the police can reclaim the laptop and possibly some of the other 5 grand in equipment that was stolen. I've got access to the command prompt (Logmein Central allows you to run it in the background), a way to drop files into the computer and the ability to remote control the laptop.

El33tsamurai wrote:He has all the guy's personal information, name age which highschool he went to, what his external IP is ect. (he has logmein on the computer) problem is the guy turns the laptop off when he's not using it.

How does he have all this informtion?

Like I said in my post LogMeIn, it's a remote desktop service. So we do have remote control of the laptop but the guy never leaves it on, only has it on when he uses it.

And I'd imagine if we just started controlling the desktop he would shut off the computer and ditch it. So we've only been using it for watching.

dmuzial wrote:I'm the owner of the laptop. A report was made to the police 3.5 weeks ago, but the cops can't get information from the High school because CPS schools seal student records to everyone until the student graduates (Even to CPD, unless the student gets into an altercation on campus where Police have to get involved)

Subpoenaed Comcast 3 weeks ago, and it takes 12 days to process a subpoena, but when I called the cop yesterday asking about the subpoena status, he asked me what subpoena? And then tried to say he had submitted it weeks ago but Comcast had not gotten back to him yet. So I’m assuming that this is a dead end.

I got the information by recording what he does on the computer using Logmein Central. But, to date, he has yet to do anything with an address, just mostly facebook and pron.

The goal of this is to get the address, or a contact number for the home so the police can reclaim the laptop and possibly some of the other 5 grand in equipment that was stolen. I've got access to the command prompt (Logmein Central allows you to run it in the background), a way to drop files into the computer and the ability to remote control the laptop.

People tend to focus too much on the technical side of recon. Sometimes you need to think outside of the box.

I am assuming he is living at home since he is a minor. So you should be able to look up his parents property tax info by last name, which would give you an address. Completely free information that can be obtained legally on the internet.

If you know what this guy looks like (facebook and dating sites usually have pictures) and his general location...why not just do some old fashion detective work and stake out the neighborhood? Wait till you see him and figure out which house he goes into. Completely legal since you are observing people in a public place. Just don't go looking through windows.

You can also sometimes get registrant address info from Whois lookups if the guy has a domain. I also like Maltego a lot but I've never used it for a private party so not sure how useful it will be here. For domains and companies it's amazing.

Google groups is a great resource for recon as well. Especially if you know the guys common handles. Doubt it will give you address but might complete the picture for you or give you new avenues to check.

Lastly, one of my new favorites is FOCA from http://www.informatica64.com/FOCA/ . Might not be much help here b ut I include it for general reference. It queries search engines for a target domain for downloadable files like pdf, doc, etc and then harvests the metadata from the files. I've found internal usernames, dns info, server names, IP addresses, installed applications (Adobe Acrobat 6?! Sweet!) and various other juicy info.

Last edited by tturner on Wed Jun 22, 2011 4:20 pm, edited 1 time in total.

Because you have remote access to the computer, you should be able to find what is in the preferred network list for the wireless interface. With that info, you can run airbase-ng when you do your wardriving and with a directional antenna pinpoint the exact location. You should look at the wireless megaprimer series at securitytube.net if you need help figuring out what I'm talking about.